Programme @ GOVSEC

Government IT Security

23 May 2024

Victoria Park Plaza, London

Morning Session

defending the state, working with our allies, and ensuring the UK is safe and secure

  • Cyber Security – Perspectives from the National Audit Office
  • Beyond the Vault: Achieving Zero Trust through Privileged Access Management
  • Critical Incident Response
  • Privilege Access Management: The Critical Foundation For a Successful Identity Security Strategy
  • Understanding Risk-Based Vulnerability Management
  • More than Firewalls: A Case Study On Safeguarding Public Services in the Digital Age
  • Developing a Holistic Approach To Cyber Security Through Organisational Resilience

09:15 (BST)

Conference Chair's Opening Address

Jessica Figueras
Co-founder, CxB - Cyber Governance for Boards

09:25 (BST)

Cyber Security - Perspectives from the National Audit Office

Jonathan Pownall
Senior Digital Specialist, Digital Insights Team, National Audit Office

In this presentation, Jonathan will cover the NAO’s perspectives on:

  • Changing responsibilities for cyber security in central government.
  • How the government is tackling the challenge of legacy systems.
  • Are cloud services the answer?
  • How organisations can improve cyber resilience and promote good cyber security practices.

09:45 (BST)

Beyond the Vault: Achieving Zero Trust through Privileged Access Management

Mark Lillywhite
Senior Sales Engineer, Delinea

  • Explore the critical role of Privileged Access Management (PAM) as the cornerstone of a zero trust security strategy.
  • Learn how Just in Time (JIT) and Just Enough Privilege (JEP) methodologies enhance security by minimizing exposure and limiting privileges.
  • Gain insights into practical implementation strategies and best practices for achieving real defense in depth in today’s dynamic threat landscape.

10:00 (BST)

Critical Incident Response

Mark Rysanek
Cyber Liaison Officer, Royal Canadian Mounted Police

Cybercrime occurrences can be broadly categorized along a spectrum ranging from minimal harm caused to a single entity through to devastating and sustained injury targeting Critical & National Infrastructure (CNI). Responding to these events brings together a number of parties with competing priorities. This presentation will provide an overview of what the response to a cybercrime CNI incident looks like from the law enforcement perspective. The audience will hear how law enforcement increasingly views its role as complementary to other stakeholders, moving away from the positional role found in traditional policing. The presentation will also highlight the challenges of cybercrime policing in these events. Summary points:

  • Mitigation prior to evidence collection is now an understood reality in policing.
  • An ‘all of government’ posture is now the norm.
  • Imposing consequences is the law enforcement contribution.

10:20 (BST)

Privilege Access Management: The Critical Foundation For a Successful Identity Security Strategy

Lee Elliott
Director of Solutions Engineering, BeyondTrust

There is a fundamental shift in the cyber battleground from traditional perimeter and endpoint security into the world of identity security. Identity compromise and misuse are central to almost every cyberattack, which makes use of compromised credentials, over-privileged users and gaps in visibility. As such, threat actors are highly motivated to exploit the identity sprawl caused by cloud adoption, the proliferation of non-human accounts and the use of disparate systems to manage identities. However, distinguishing between how a legitimate user is leveraging an identity and the misuse of that identity by an unauthorized user is difficult. Join Lee Elliott, Director, Solutions Engineering, as he introduces how Privilege Access Management (PAM) is evolving to combat the threat of identity compromise and abuse.

10:35 (BST)

Questions to the Panel of Speakers

10:50 (BST)

Refreshment Break Served in the Exhibition Area

11:20 (BST)

The Conference Chair Introduces Session Two

Jessica Figueras
Co-founder, CxB - Cyber Governance for Boards

11:25 (BST)

Understanding Risk-Based Vulnerability Management

Sherlock di Schiavi
Head of Security Architecture, Office for Nuclear Regulation

A Technical Vulnerability Management Framework serves as a structured approach to identifying, prioritising, and mitigating security vulnerabilities within an organisation’s information technology infrastructure. The primary purpose of such a framework is to enhance an organisation’s overall cybersecurity posture by effectively managing and reducing vulnerabilities in its system and applications. In this presentation, Sherlock will discuss:

  • Using the CIA Triad in evaluation
  • Monte Carlo Simulation
  • The integration of techniques

11:40 (BST)

More than Firewalls: A Case Study On Safeguarding Public Services in the Digital Age

Ricard Fuertes
Head of IS Operations, Transport for Greater Manchester

Delivering digital services implies creating a presence in an environment that may sometimes feel like a lawless frontier full of bad actors. Squaring the circle of remediating those risks with limited resources takes more than the traditional solution of defending the perimeter. What strategies and resources are available for public sector organizations?

Join us to learn about our journey at TfGM towards delivering safe digital services to our customers in Greater Manchester.

11:55 (BST)

Developing a Holistic Approach To Cyber Security Through Organisational Resilience

Steve Watt
Chief Information Officer, University of St. Andrews

Many organisations continue to treat cyber security as a technical issue left to their IT functions to manage. A more holistic approach based around organisational resilience is needed, supported by executive leadership. This session will cover the importance of having in place a range of measures to manage the impact of a cyber event, such as good cyber governance alongside prevention, detection and recovery controls, and a programme which extends into the supply chain. It will also be based on a sound risk management approach informed by good cyber threat intelligence, with all these measures reinforced by a robust security and resilience culture.

12:10 (BST)

Questions to the Panel of Speakers

12:25 (BST)

Delegates move to Seminar Sessions

12:30 (BST)

Session Three - The Seminars

Delegates have the chance to attend one of the Seminar Sessions:

View Seminar Sessions

13:15 (BST)

Networking Lunch in the Exhibition Area

Afternoon Session

detect, deter and defend against new and emerging threats

  • Navigating Cloud Security in the Public Sector: How to Avoid Common Failures
  • Supply Chain Resilience in the Public Sector – The Importance of Getting the Basics Right
  • Using Zero Trust to Contain Ransomware and Improve Cyber-Resilience
  • Hammad Chandio – Department for Education
  • Centralized Security Control and Visibility
  • AI and TI – United Intelligence

14:00 (BST)

The Conference Chair Introduces Session Four

Jessica Figueras
Co-founder, CxB - Cyber Governance for Boards

14:05 (BST)

Navigating Cloud Security in the Public Sector: How to Avoid Common Failures

Paolo Passeri
Cyber Intelligence Principal EMEA, Netskope

As cloud adoption expands, so does the complexity, and keeping pace requires a new approach. Increasing threats to cloud infrastructure require a shift from reactive to proactive, continuous security. Whether you’re just gaining access to the cloud, moving more of your infrastructure or applications there or seeking to fortify existing defences, safeguarding your Cloud infrastructure is paramount. Drawing upon learnings and case studies from public sector bodies in the UK and across Europe, join Netskope’s Paolo Passeri for a crucial discussion on securing your Cloud organisation in 2024.

14:20 (BST)

Supply Chain Resilience in the Public Sector – The Importance of Getting the Basics Right

Simon Newman
Chief Executive, The Cyber Resilience Centre for London

In this session, Simon will be discussing the evolving cyber threat and the risks that public sector organisations face from suppliers. He will also be looking at whether there should be a legal requirement for all suppliers to meet minimum standards around cyber security (and if so, what that standard should be) or whether there is a better approach.

14:35 (BST)

Using Zero Trust to Contain Ransomware and Improve Cyber-Resilience

Trevor Dearing
Global Director of Critical Infrastructure Solutions, Illumio

The digital transformation of government aims to deliver more flexible services, but the increasing threat of ransomware can potentially disrupt those services causing an impact on society. While most departments are limited on budget and resources, taking traditional security approaches is not efficient. A shift in thinking to Zero Trust will be more effective and save money. In this session we will address the following topics:

  • How to identify and define risk.
  • How to reduce the attack surface.
  • How to contain a ransomware attack.
  • How to respond and restore services during an attack.

14:50 (BST)

Questions to the Panel of Speakers

15:05 (BST)

Afternoon Networking and Refreshments served in the Exhibition Area

15:30 (BST)

The Conference Chair Introduces Session Five

Jessica Figueras
Co-founder, CxB - Cyber Governance for Boards

15:35 (BST)

Centralized Security Control and Visibility

Ben Malu
IT Risk Governance Cyber Analyst, London Ambulance NHS Trust

This session will explore:

  • Microsoft Defender @ Intune: centralized system (visibility and control)
  • Centralized vulnerability management
  • Tamper protection

15:50 (BST)

AI and TI – United Intelligence

Andrew Dillon
Tech Expert, Mimecast

Security detection that depends primarily on AI/ML capabilities is often pitched as a panacea, despite the many obstacles and challenges that remain. The Mimecast detection stack applies the right inspections at the right time, with ML algorithms working alongside proven technologies that have been continuously improved over the course of nearly 20 years. Mimecast combines dozens of different approaches, augmented by AI, to yield the industry-leading security efficacy for which Mimecast is known.

Join Andrew Dillon for a deeper look at Mimecast's multi-layered cybersecurity solutions – uniting AI and TI – that businesses need to protect their communications, people, and data.

16:05 (BST)

From Secure Foundations to Resilient Futures

Nuala Kilmartin
Digital Security Innovation Lead, InnovateUK, UKRI

Digital Security by Design (DSbD) is a UK government supported initiative to help catalyse the transformation of digital technology, creating a more resilient and secure foundation for a safer digital future.

The DSbD programme was set up in 2019 to unlock research and enable industry, with the objective of fixing the foundations of computing and realising technical developments the size of which computing has not seen for 50 years or more. Collaboration between academia, industry and government is delivering more secure semiconductor devices, paving the way for business and people to safely use and maintain trust in technology.

While some of the fundamental market failures have been overcome, it is still imperative that UK Government, industry, academia and international partners continue to work together to maintain and develop this ecosystem further by driving forward adoption of this ground-breaking approach to protecting the digital world. DSbD is promoting a mindset change for cyber security, giving the freedom to learn, trade, play, automate and collaborate safely through cyber best practices, reducing the attack surface by default, and protecting operational integrity by design.

16:20 (BST)

Questions to the Panel of Speakers

16:35 (BST)

Closing Remarks from the Conference Chair

Jessica Figueras
Co-founder, CxB - Cyber Governance for Boards

16:45 (BST)

Conference Closes with Drinks Reception

There will be a drinks reception hosted by Netskope and Mimecast in the Conference Foyer following the Conference.

This reception is for delegates only.

Please note:
Whitehall Media reserve the right to change the programme without prior notice.
